kenrbnsn

Staff Alumni
  • Posts

    8,234
Everything posted by kenrbnsn

  1. Your hosts don't know what they are talking about when they say you have to hardcode the mail. What you have to do is validate the contents of any POSTed variable that is being returned from the form and is used to create part of the email header. There are malicious people who have been exploiting PHP mail forms since last summer to (attempt) to send spam. They screen scrape your form and then use a program to try to break your form. They fill each field with either an email address or a string that will inject a MIME content-type header and a BCC into your email message. I've been successfully thwarting these attempts by using the following code:
     [code]<?php
     if (isset($_POST))
         foreach ($_POST as $k => $v)
             // array values (field[]=...) cannot be searched as strings, so skip them
             if (is_string($v) && stristr(strtolower($v), 'content-type:')) {
                 //
                 //   send a tracking email back to yourself giving details of the attempt
                 //
                 exit();
             }
     ?>[/code]
     Ken
  2. You got hit by the mail injection problem that surfaced last summer. Please see the article on Email Header Injection Exploit (http://www.nyphp.org/phundamentals/email_header_injection.php) for ways to fix your script. Ken
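Added example, not part of kenrbnsn's posts: one way to validate the POSTed fields that end up in mail headers, as the two posts above describe. It goes slightly beyond the content-type check by rejecting any line break in a header field, since a line break is what lets a submitted value start a new header such as BCC. The field names (name, email, subject, message) and the sample submissions are assumptions constructed for the example.

```php
<?php
// Added example: check form fields before they are used to build mail() headers.
// Field names and sample data below are assumptions, not taken from any real form.

/** True if the value contains CR, LF, or their URL-encoded forms. */
function has_header_break(string $value): bool
{
    // %0a / %0d are checked as well in case a value arrives double-encoded.
    return preg_match('/[\r\n]|%0a|%0d/i', $value) === 1;
}

/**
 * Check the fields that will be placed in mail headers.
 * Returns the names of rejected fields; an empty array means they are usable.
 */
function check_mail_form(array $post, array $headerFields): array
{
    $rejected = [];
    foreach ($headerFields as $field) {
        $value = $post[$field] ?? '';
        // An array (field[]=...) is never valid for a header field.
        if (!is_string($value) || has_header_break($value)) {
            $rejected[] = $field;
            continue;
        }
        if ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $rejected[] = $field;
        }
    }
    return $rejected;
}

// Constructed sample submissions (not real traffic).
$clean = ['name' => 'Ann', 'email' => 'ann@example.com',
          'subject' => 'Hi', 'message' => "Line 1\nLine 2"];
$bad   = ['name' => 'x', 'email' => "ann@example.com\r\nBcc: list@example.net",
          'subject' => "Hi\nContent-Type: text/html", 'message' => 'body'];

foreach (['clean' => $clean, 'bad' => $bad] as $label => $post) {
    $rejected = check_mail_form($post, ['name', 'email', 'subject']);
    if ($rejected) {
        // This is the point to log the attempt and stop, instead of calling mail().
        echo "$label: rejected fields: " . implode(', ', $rejected) . "\n";
        continue;
    }
    $headers = 'From: ' . $post['name'] . ' <' . $post['email'] . '>';
    echo "$label: ok, header would be [$headers]\n";
}
```

The message body is left out of the header check on purpose: it may legitimately contain line breaks and is passed to mail() as the body, not as a header.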
  3. Using FTP from within PHP is not a function that Apache deals with. Safe mode in PHP disables a lot of functions. See http://us2.php.net/manual/en/features.safe-mode.php for more information. This question should probably be moved to one of the PHP forums. Ken
  4. Is the field defined as a character (varchar, text, char) or a number? If it is a character, that is the correct ASCII sort. To get what you want, make the field a number (int). Ken
  5. You wrote:
     [code]<?php
     $sql = "SELECT * FROM Classes WHERE semester = '2'";
     $query = mysql_query($sql) or die ("Couldn't Execute Query");
     $row = mysql_fetch_array($query,MYSQL_NUM);
     ECHO "<table>\n";
     extract($row);
     for ($i=0;$i<=6;$i++) {
         ECHO "<tr>\n";
         ECHO "<td>$dept[$i]</td>\n";
         ECHO "<td>$crse[$i]</td>\n";
         ECHO "<td>$name[$i]</td>\n";
         ECHO "<td>$description[$i]</td>\n";
         ECHO "<td>$semester[$i]</td>\n";
         ECHO "</tr>\n";
     }
     ECHO "</table>";
     ?>[/code]
     To fix your problems using your method you have to replace $dept, $crse, etc., with $row, since that's where your data is, and echo out one field at a time. Also don't use the extract() function. Something like this:
     [code]<?php
     $sql = "SELECT * FROM Classes WHERE semester = '2'";
     $query = mysql_query($sql) or die ("Couldn't Execute Query");
     echo "<table>\n";
     // fetch one row per iteration; each row is a numerically indexed array
     while ($row = mysql_fetch_array($query,MYSQL_NUM)) {
         echo "<tr>\n";
         for ($i=0;$i<=6;$i++)
             echo "<td>$row[$i]</td>\n";
         echo "</tr>\n";
     }
     echo "</table>";
     ?>[/code]
     If I were coding this, I would use the mysql_fetch_assoc() function, since, I think, it results in more understandable code:
     [code]<?php
     $sql = "SELECT * FROM Classes WHERE semester = '2'";
     $query = mysql_query($sql) or die ("Couldn't Execute Query");
     echo "<table>\n";
     // each row is an associative array keyed by column name
     while ($row = mysql_fetch_assoc($query)) {
         echo "<tr>\n";
         foreach ($row as $k=>$val)
             echo "<td>$val</td>\n";
         echo "</tr>\n";
     }
     echo "</table>";
     ?>[/code]
     Ken
  6. Instead of:
     [code]<?php
     $sql = $sql;
     $go = mysql_query($sql, $conn) or die ("could not execute query 1 to update");
     if($go) {echo "Result recorded";}
     ?>[/code]
     try
     [code]<?php
     // show the exact statement that is about to be run
     echo 'Will now attempt to perform <span style="font-weight:bold">' . $sql . '</span><br>';
     $go = mysql_query($sql, $conn) or die ("could not execute query 1 to update");
     // report success only if the update actually changed a row
     if(mysql_affected_rows() > 0)
         echo "Result recorded";
     else
         echo 'There was a problem with the query';
     ?>[/code]
     Or you could do
     [code]<?php
     echo mysql_info();
     ?>[/code]
     instead of the if at the end. See if you get any more relevant information from these statements. Ken
  7. How is your field defined? If it is a character string, that's how numbers are sorted when they are treated as text. Define it as an int and it should sort fine. Ken
  8. kenrbnsn

    add to all

    You could do it in a short loop:
    [code]<?php
    // select every row that does not already have the target value
    $q = "select imagedir,id from yourtable where imagedir != 'pic/c.png'";
    $rs = mysql_query($q) or die('Problem with query: ' . $q . '<br>' . mysql_error());
    while ($rw = mysql_fetch_assoc($rs)) {
        // update the row by its id and report the result
        $qu = "update yourtable set imagedir = 'pic/c.png' where id = '" . $rw['id'] . "'";
        $ru = mysql_query($qu) or die('Problem with update query: ' . $qu . '<br>' . mysql_error());
        echo 'ID: ' . $rw['id'] . ' Updated successfully<br>' . "\n";
    }
    ?>[/code]
    Add your appropriate database initializations to the beginning of the file. Ken
  9. Talk to your hosting provider. See if they did anything. Request the files be restored from backup. In the future, use phpmyadmin to export all of your data to a file and save it on your local machine. That way, if this happens again, you can restore it yourself. Ken
  10. What are the messages you're getting and can we see your code? Ken
  11. If you want to use an associative array, you need to tell mysql to give it to you.
      [code]<?php
      $result = mysql_query($sql);
      $row = mysql_fetch_assoc($result); // changed mysql_fetch_row to mysql_fetch_assoc
      $status = $row['status']; // now these two lines will work
      $logincount = $row['logincount'];
      ?>[/code]
      Ken
  12. I just joined a few days ago and have noticed that when PHP blocks are quoted the backslashes keep on propagating. It's as though there is a stripslashes() function call omitted somewhere. Ken
  13. Reading these replies makes me feel really OLD :-) I'm male, 54. I've been in the computer field for over 30 years. I started creating straight HTML web sites in 1993 or 1994. I learned PHP in 1999 and added MySQL in 2000. I am still learning to produce better PHP code. My next big challenge is to start learning PHP5 and OO coding. (I was in college when the structured programming revolution took place.) And, yes, I do remember using punch cards, TTY-33 terminals, Selectric typewriters for terminals, 300 baud dial-up lines (the fastest you could get was 9600 baud), and no Internet (although I did roam the ARPAnet in 1974 or 75). Ken